Smart Systems for Health Agency (now part of eHealth Ontario) developed an award-winning privacy training and awareness program in 2007 to foster a culture of privacy within the organization. This slideshow, presented to benefit other healthcare organizations at GTEC 2008 (October 2008) , highlights the approach, messaging and tools used in that program.

2.
Notes <ul><li>eHealth Ontario formed by regulation in September 2008 </li></ul><ul><li>The transition of SSHA into eHealth Ontario has commenced. </li></ul><ul><li>Comments today reflect experiences of SSHA and not new Agency. </li></ul>

5.
United States: Privacy & Healthcare <ul><li>May 2008 CDT report on privacy and healthcare cites 2006 survey </li></ul><ul><li>When Americans were asked about the benefits of and concerns about online health information: </li></ul><ul><ul><ul><li>80% said they are very concerned about identity theft or fraud; </li></ul></ul></ul><ul><ul><ul><li>77% reported being very concerned about their medical information being used for marketing purposes; </li></ul></ul></ul><ul><ul><ul><li>56% were concerned about employers having access to their health information; and </li></ul></ul></ul><ul><ul><ul><li>53% were concerned about insurers gaining access to this information. </li></ul></ul></ul>

7.
What to Do? <ul><li>In building a culture of privacy, an organization must: </li></ul><ul><ul><ul><li>clearly articulate privacy as an organizational priority; </li></ul></ul></ul><ul><ul><ul><li>communicate key privacy and security messages; </li></ul></ul></ul><ul><ul><ul><li>educate across the organization; </li></ul></ul></ul><ul><ul><ul><li>raise awareness of the importance of registering privacy incidents and breaches; </li></ul></ul></ul><ul><ul><ul><li>build privacy into the fabric of the organization’s activities; and </li></ul></ul></ul><ul><ul><ul><li>make privacy information and guidance readily accessible. </li></ul></ul></ul><ul><li>Think Training AND Awareness </li></ul>

8.
Management Communication <ul><li>Management must have effective messaging: </li></ul><ul><ul><ul><li>Information protection isn’t solely a technical or policy issue; it also involves behavior. </li></ul></ul></ul><ul><ul><ul><li>The protection of personal information is a personal responsible for each staff member. </li></ul></ul></ul><ul><ul><ul><li>Information protection is an ongoing initiative, not a short-term project or goal. </li></ul></ul></ul><ul><ul><ul><li>Objective is to change organizational behavior to develop a “culture of privacy”. </li></ul></ul></ul>

9.
Use Marketing Approach <ul><li>Brand “privacy awareness,” </li></ul><ul><ul><ul><li>Integrate all the materials into a coherent, consistent, and instantly recognizable campaign. </li></ul></ul></ul><ul><ul><ul><li>Strategy should be to continuously inform and motivate staff and managers. </li></ul></ul></ul><ul><li>SSHA adopted its own theme </li></ul><ul><ul><ul><li>“Get Caught! Doing the Right Thing.” </li></ul></ul></ul>

13.
Award-Winning Program <ul><li>GET CAUGHT! won the following International Association of Business Communicators (IABC) awards: </li></ul><ul><li>An international Gold Quill Award of Merit in the Other Graphic Design category; </li></ul><ul><li>A Canadian Silver Leaf Award of Merit in the Other Graphic Design category </li></ul><ul><li>A Toronto chapter Ovation Award of Excellence for Other Graphic Design; and </li></ul><ul><li>A Toronto chapter Ovation Award of Merit for Employee/Member Communications </li></ul>

15.
Privacy Training @ SSHA <ul><li>Online Learning Management System (LMS) with two modules for Privacy and Information Security. </li></ul><ul><li>Mandatory for new employees: to be completed within 30 days of on-boarding date. </li></ul><ul><li>Compliance monitoring done by PS from HR data. </li></ul><ul><li>Non-compliance with requirement results in system lockout. </li></ul>